Audience error when logging in with Office 365 #45599

Open
redolencetech opened this issue Jan 29, 2025 · 0 comments

Information about bug

The default OAuth implementation doesn't let the user log in when using the social provider button, needing to send an email login link. It needs a change to the apps/frappe/frappe/utils/oauth.py file in get_info_via_oauth():

info = jwt.decode(token, flow.client_secret, options={"verify_signature": False})

changed to:

info = jwt.decode(token, flow.client_secret, options={"verify_signature": False, "verify_aud": False})

Module

integrations

Version

Issue has existed for a long time, still present in:

Frappe version - 15.53.0
ERPNext version - 15.49.3

Installation method

easy-install

Relevant log output / Stack trace / Full Error Message.

Traceback (most recent call last):
  File "apps/frappe/frappe/app.py", line 110, in application
    response = frappe.api.handle(request)
  File "apps/frappe/frappe/api/__init__.py", line 49, in handle
    data = endpoint(**arguments)
  File "apps/frappe/frappe/api/v1.py", line 36, in handle_rpc_call
    return frappe.handler.handle()
  File "apps/frappe/frappe/handler.py", line 49, in handle
    data = execute_cmd(cmd)
  File "apps/frappe/frappe/handler.py", line 85, in execute_cmd
    return frappe.call(method, **frappe.form_dict)
  File "apps/frappe/frappe/__init__.py", line 1716, in call
    return fn(*args, **newargs)
  File "apps/frappe/frappe/utils/typing_validations.py", line 31, in wrapper
    return func(*args, **kwargs)
  File "apps/frappe/frappe/integrations/oauth2_logins.py", line 33, in login_via_office365
    login_via_oauth2_id_token("office_365", code, state, decoder=decoder_compat)
  File "apps/frappe/frappe/utils/oauth.py", line 119, in login_via_oauth2_id_token
    info = get_info_via_oauth(provider, code, decoder, id_token=True)
  File "apps/frappe/frappe/utils/oauth.py", line 145, in get_info_via_oauth
    info = jwt.decode(token, flow.client_secret, options={"verify_signature": False})
  File "env/lib/python3.10/site-packages/jwt/api_jwt.py", line 104, in decode
    self._validate_claims(payload, merged_options, **kwargs)
  File "env/lib/python3.10/site-packages/jwt/api_jwt.py", line 140, in _validate_claims
    self._validate_aud(payload, audience)
  File "env/lib/python3.10/site-packages/jwt/api_jwt.py", line 189, in _validate_aud
    raise InvalidAudienceError('Invalid audience')
jwt.exceptions.InvalidAudienceError: Invalid audience
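
An added example, not part of the original issue and not Frappe's code: it uses PyJWT to show what the `aud` check in the traceback does, comparing a call with no expected audience, a call that passes the client ID as `audience`, and a call with `verify_aud` disabled. Assumptions: the client IDs, key and helper names are constructed, and an HS256 token signed with a demo key stands in for the provider's signed ID token so the example runs offline with signature verification left on.

```python
import time
import jwt  # PyJWT, the library raising the error in the traceback

# Constructed values: HS256 with a shared demo key stands in for the provider's
# signed ID token so the example runs offline.
CLIENT_ID = "constructed-client-id"
OTHER_APP = "constructed-other-app"
DEMO_KEY = "constructed-demo-key-0123456789abcdef0123"

def make_id_token(aud):
    """Build a constructed ID token whose aud claim is `aud` (str or list)."""
    now = int(time.time())
    claims = {"sub": "user-1", "aud": aud, "iat": now, "exp": now + 300}
    return jwt.encode(claims, DEMO_KEY, algorithm="HS256")

def decode_no_audience(token):
    """No expected audience supplied: PyJWT rejects any token carrying aud."""
    try:
        return jwt.decode(token, DEMO_KEY, algorithms=["HS256"])
    except jwt.InvalidAudienceError:
        return None

def decode_for_client(token, client_id=CLIENT_ID):
    """Supply the expected audience so aud is checked instead of skipped."""
    try:
        return jwt.decode(token, DEMO_KEY, algorithms=["HS256"], audience=client_id)
    except jwt.InvalidAudienceError:
        return None

def decode_aud_disabled(token):
    """verify_aud off: the aud claim is ignored entirely."""
    return jwt.decode(token, DEMO_KEY, algorithms=["HS256"],
                      options={"verify_aud": False})

if __name__ == "__main__":
    ours, theirs = make_id_token(CLIENT_ID), make_id_token(OTHER_APP)
    print("no audience passed :", decode_no_audience(ours))
    print("audience=client id :", decode_for_client(ours))
    print("token for other app:", decode_for_client(theirs))
    print("verify_aud disabled:", decode_aud_disabled(theirs))
```

With `verify_aud` disabled, the token issued for the other constructed app decodes successfully, which is the check that passing `audience` keeps in place.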